Unrated severityNVD Advisory· Published Jan 7, 2015· Updated May 6, 2026

CVE-2014-9493

Description

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

Affected products

Red Hat/Openstack2 versions
cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
OpenStack/Image Registry And Delivery Service \(glance\)
cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):*:*:*:*:*:*:*:*
Range: >=2014.1,<2014.1.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.openstack.org/pipermail/openstack-announce/2014-December/000317.htmlnvdPatchVendor Advisory
rhn.redhat.com/errata/RHSA-2015-0246.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlnvdThird Party Advisory
www.securityfocus.com/bid/71688nvdThird Party AdvisoryVDB Entry
bugs.launchpad.net/glance/+bug/1400966nvdIssue TrackingThird Party Advisory
security.openstack.org/ossa/OSSA-2014-041.htmlnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000